proxy_cookie_flags

Sets HTTP cookie flags for proxied responses. — NGINX HTTP Core

Syntax: proxy_cookie_flags flag1 [flag2 ...];
Default: none
Context: http, server, location
Module: NGINX HTTP Core
Arguments: 1-4

Description

The `proxy_cookie_flags` directive sets flags on cookies that a proxied server returns in its HTTP response. It can be used in the `http`, `server`, or `location` contexts and accepts one to four parameters corresponding to the flags to apply. The available flags typically include `Secure`, `HttpOnly`, and `SameSite`, which control cookie behavior concerning security and cross-site requests.

Setting these flags lets cookies be transmitted in a more secure manner. For instance, the `Secure` flag ensures cookies are only sent over HTTPS connections, while the `HttpOnly` flag prevents JavaScript from accessing those cookies, which enhances protection against certain types of attacks.

The parameters are given as a space-separated list, and NGINX evaluates the flags in the order they are specified. Use only flags that are compatible with the application and the browsers being supported, as improper configuration can lead to usability issues.

The flags are specified directly in the configuration and can be adjusted for different locations or servers as required. While this directive remedies some security concerns, it does not enforce the default settings applied by browsers, so developers should always consult both application requirements and browser documentation to ensure effective cookie handling.

Configuration example

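location /api {
    proxy_pass http://backend;
    # The first parameter selects the cookie; "~" is a regular expression
    # that matches every cookie name. The flags to add follow it.
    proxy_cookie_flags ~ httponly;
}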

Flags must be compatible with the application being proxied; otherwise, cookies may not function as intended.

Misconfiguration may lead to cookies being sent insecurely over HTTP if the `Secure` flag is not used properly.

The order of flags matters; ensure that each flag is specified in accordance with the desired cookie behavior.